Tag: Equity bank hacking

  • INSIDE THE SH1.5 BILLION EQUITY BANK HEIST: HOW A CITY LAWYER ORCHESTRATED ONE OF KENYA’S BIGGEST BANKING FRAUDS

    In what authorities are calling one of the most sophisticated banking frauds in Kenya’s recent history, prominent city lawyer Esther Bitutu Kadiki stands accused of masterminding an elaborate scheme that drained Sh1.5 billion from Equity Bank in just 90 days.

    Court documents reveal a complex web of fictitious transactions, proxy companies, and cryptocurrency conversions designed to mask the massive theft.

    The Elaborate Scheme

    According to court papers filed by the Directorate of Criminal Investigations (DCI), Kadiki allegedly siphoned Sh1,499,465,831 from Equity Bank between May 1 and July 31, 2024.

    The funds were systematically extracted from the bank’s internal Salaries Remittance General Ledger Account Number 0001*100774**, then quickly dispersed to several non-Equity Bank accounts with falsified transaction descriptions to conceal their origin.

    “The respondent is a member of a larger organised group that is well-structured with every individual assigned his or her duties,” stated Inspector Chrispinus Sore Shibanda of the DCI’s Banking Fraud Investigations Unit in a sworn affidavit presented to Milimani Chief Magistrate Onyina.

    Multi-Layered Money Laundering Operation

    The investigation has exposed what appears to be a carefully orchestrated operation with multiple phases:

    1. Recruitment of insiders: The scheme allegedly began with Kadiki recruiting bank employees who could provide access to internal systems.

    2. System penetration: With inside help, the syndicate identified vulnerable accounts and transaction pathways.

    3. Proxy network establishment: Kadiki allegedly recruited both individuals and companies whose accounts would be used to launder the stolen funds.

    4. Fictitious documentation: As an advocate, Kadiki is accused of drafting fake business agreements between companies to justify large cash movements.

    5. Complex layering: The stolen funds were quickly moved through “several layers of intricate financial transactions including bulk withdrawals, transfers to other bank accounts and purchase of crypto currencies,” according to court documents.

    Following the Money Trail

    Banking fraud investigators have traced at least Sh38 million to accounts directly linked to Kadiki, including those registered to Inforide Point Limited—a company she co-owns with her husband—and Kadiki & Advocates, her legal practice.

    Lawyer Esther Bitutu Kadiki in court on May 6, 2025.

    During interrogation, Kadiki provided agreements between her companies and eight others, which investigators have connected to transfers exceeding Sh400 million.

    However, authorities claim she has been “unwilling to provide information regarding the real faces behind the said agreements,” maintaining she never personally met the individuals involved.

    “As an advocate of the High Court of Kenya, such narrative can only be better understood to mean she is protecting those people,” Inspector Shibanda told the court.

    The Arrest and Legal Proceedings

    Kadiki was arrested on May 5, 2025, after presenting herself to the Banking Fraud Investigation Office in response to summons issued back in October 2024.

    Prosecutors argue that her delayed compliance with the summons—spanning over six months—demonstrates flight risk concerns.

    Defense lawyer Ken Echesa has applied for bail, noting that Kadiki is expecting a child and already has a young child under her care.

    The prosecution has countered by requesting she be remanded for 21 days to allow for completion of investigations.

    Chief Magistrate Onyina is expected to rule on the bail application today, May 7, 2025.

    Broader Implications for Banking Security

    This case highlights significant vulnerabilities in banking systems that allowed such massive fraud to go undetected for three months.

    Banking security experts note that access to internal general ledger accounts typically requires multiple authorization levels and oversight.

    “For someone to extract Sh1.5 billion from a bank’s salary remittance account over 90 days suggests serious internal control failures or collusion at multiple levels,” said a banking security expert, who spoke on condition of anonymity due to the sensitivity of the ongoing investigation.

    Equity Bank has not issued an official statement regarding the fraud, though sources indicate the bank has implemented enhanced security protocols in response to the breach.

    A Growing Trend

    This case comes amid increasing concerns about sophisticated banking fraud schemes in Kenya.

    Just months earlier, authorities investigated what was described as the “Mulot gang” in connection with a Sh6 million fraud at Standard Chartered Bank.

    Additionally, the DCI has been investigating bank staff involvement in robberies targeting clients making large withdrawals.

    The case against Kadiki represents one of the largest alleged banking frauds in Kenya’s history, with investigators continuing to pursue leads regarding other members of what they describe as a “larger organised group” behind the scheme.

    As the legal proceedings unfold, banking regulators are expected to scrutinize internal controls at major financial institutions to prevent similar breaches in the future.

  • Equity Bank Heist: How Hackers Moved Sh322M To UAE To Evade Kenyan Authorities

    In April 2023, detectives say, someone hacked into Equity Bank’s payment and fraud management system and changed the security levels of three merchants who were registered with the lender for credit card payments.

    In the Cybersource system, security levels for the three merchants are suspected to have been changed from three-dimensional, which involves multiple authentication processes before allowing payments, to two-dimensional, which has lower safeguards.

    For the next three months, a number of transactions were allegedly run on fraudulent credit cards with payments done in favour of the three merchants.

    Investigators say no goods or services had changed hands despite millions going to the three merchants, straight from the pot where Equity Bank stored funds for settlement of credit card transactions – the bank had been slowly but surely robbed.

    By the time Equity Bank found out and reported the matter to the police, it had lost Sh322.1 million.

    Correspondence between the Directorate of Criminal Investigations (DCI) and the Office of the Director of Public Prosecutions (ODPP) seen by Nation Africa has revealed how the loot was moved through multiple bank accounts, with an undisclosed portion of it ending up in the United Arab Emirates (UAE).

    Investigators have recommended the prosecution of four suspects, whose names we have withheld for legal reasons.

    The correspondence also gives insight into the difficulty in tracking down cybercrime suspects, as it took more than a year to investigate one of the numerous virtual robberies that have left lenders and security agencies chasing their tails while trying to recover stolen funds.

    “Thus, the substance of the complaint is that between April, 2023 and July, 2023 three merchants namely (names withheld) each defrauded Equity Bank Kenya Ltd by changing their integration type in the CyberSource from 3D to 2D. This allowed the merchants to run scripts of fraudulent cards on the CyberSource platform which enabled them to obtain the sum of Sh322,154,851 directly from the bank’s settlement account,” the letter to the DPP reads.

    The three merchants would allegedly transfer money they received through the credit card fraud to an account at Middle East Bank operated by a company.

    For some batches, one of the companies would wire funds to a local bank account operated by a Kenyan-Briton businessman.

    The Kenyan-Briton moved the funds he received to a private company in Abu Dhabi.

    The correspondence between the investigators and the prosecution does not indicate whether Kenyan authorities have engaged their UAE counterparts to aid in investigations or recover the stolen funds.

    But in April, the DCI recommended to the DPP that the three merchants and their suspected Kenyan-Briton accomplice be prosecuted.

    DCI officers recommended that they be charged with stealing by agents contrary to section 283(1) of the penal code, money laundering contrary to section 3(a)(i)(iii) as read with section 16(i)(a)(b) of the Proceeds of Crime and Anti-Money Laundering Act, and computer fraud contrary to section 26(1)(c) as read with section 26(2)(b) of the Computer Misuse and Cybercrimes Act.

    Even as the DCI hopes that the four suspects will be charged, its officers are still looking into other merchants believed to be part of the suspected credit card syndicate.

    A laptop recovered from one of the suspects the DCI wants prosecuted was confiscated and detectives are confident that forensic analysis of the device will offer more leads.

    Particularly, the forensic analysis is expected to reveal whether an Equity Bank staff member aided the theft.

    Interestingly, Equity Bank suffered another round of losses from credit card fraud exactly one year later when fraudsters targeted Sh179.6 million.

    Equity Bank was able to freeze Sh60 million. The Sh118.9 million balance had already been shipped out of the lender.

    The theft proceeds had been stashed in 551 bank accounts, which then started shipping it out.

    The suspected fraudsters transferred Sh63 million to numerous M-Pesa accounts, while Sh39 million was moved to accounts in other banks.

    In July, the bank was also robbed of Sh1.5 billion in a separate incident. The main suspect in that incident, David Machiri, has been missing since being picked up by DCI officers in August.

  • Rwanda jails 8 Kenyans behind Equity hack

    The Rwandan Investigation Bureau (RIB) arrested eight Kenyans behind the hacking of Equity Bank; they were handed eight-year jail terms and fined Sh5.6 million.

    RIB trailed the gang that has also been connected to several hacking attempts in the East African region and had notified Rwandan authorities about their new area of operation.

    The eight are members of a 12-man organised gang, arrested in 2019 by RIB, that had recruited one Ugandan and three Rwandese nationals. They were hacking into Equity Bank accounts and channeling money to their accomplices in Rwanda to draw out funds through ATM and Eazzy banking systems.

    The arrested Kenyans include Samuel Wachira Nyuguto, Muchoki Muriuki, Kinyua Erickson Macharia, Steve Maina Wambugu, Gachiri Githinji, Eric Dickson Njagi Mutegi, Reuben Kirogothi Mwangi and Damaris Njeri Kamau.

    Media outlets in Rwanda reported that they were sentenced on July 2, fined Rwf50 million (Sh5.3 million) in damages and Rwf3 million (Sh322,000) for other charges.

    “The court tendered the verdict on the five charges; unauthorized access to a computer or a computer system data; access to data with intent to commit an offence; unauthorised modification of computer or computer system data; theft; and formation of or joining a criminal association,” Taarifa Rwanda said.

    Equity Bank officials in a courtesy photo with the Rwandan President Paul Kagame [in grey]
    The gang was colluding with Equity Bank staffers, who helped them identify accounts with huge deposits that they targeted, and moved money to accounts of accomplices.

    They used the Eazzy banking platform, which Equity Bank and security agents intercepted after they received alerts on their operations, including the recruitment of Rwandans they would use to cash out stolen funds.

    Rwanda has reported an increase in cyber-crime, which has tripled from just 47 reported cases in 2017 to 113 cases in 2018, with more than sixty cases committed in the capital, Kigali.

    The convictions of the 8 Kenyans come at a time when the East African country is struggling to collaborate with its counterparts to nab cartels wreaking havoc in financial institutions across the borders.

    Even Kenya, with a highly digitized economy linked with banks’ mobile money transfers, has been a target for cyber-crime and online fraud.

    Equity Bank is owned by Kenyan investors but has expanded its footprint in the region, with an ambitious plan to help the Rwandese government have 80% of its population banked and embracing a savings culture.

    The bank’s Managing Director James Mwangi revealed that they invested over US$12 million in the Rwanda setup, which is in line with the Rwandese government’s Vision 2020 development strategy.